Posts

Audits: the necessary evil?

Most IT executives recognize the importance of a proper audit, yet audits can be a painful process for both the auditor and the IT organization. Audits give companies opportunities to improve, based on analysis and advice. How big (and complex) an audit should be depends on the risk priorities and thresholds, business objective, differences in the operating environments and the overall audit objectives. The goal of the audit should not be to “make the auditor happy”, but to review and show how well the department meets the needs of the business.
Logging, reporting and monitoring are very important for both daily IT functions and audit processes. In an audit, logging provides a record of events related to IT processes. Monitoring is important when trying to determine state changes and other significant events. Reporting is the creation of reports, whether manual (on-demand) or automatic (scheduled). On the surface these may look like mundane activities, but in reality they are the most important tools for managerial oversight.
Applications such as the Active Directory Manager, Active Directory Change Notifier and the Active Directory Reporter help IT organizations prepare for audits and implement solid policies that will have long-term, positive effects on the enterprise. For example, the Active Directory Manager and Active Directory Reporter offer an extensive report library, ready to use right out of the box. IT users can customize those reports to satisfy even the most detailed audit requirements.
These applications help IT managers with their audits and provide the tools needed to successfully complete the process.

Identity and access management policies

In many cases, adding personnel accounts and applications is tedious, and involves inputting information about a new hire by hand, which could take days in some instances. Even then, some users may not have access to the applications they need, and often will have to log in using a colleague’s name and password while access is requested, cleared and granted. This is a huge security black hole for the enterprise. Implementing identity and access management software is a security process improvement that is essential in today’s corporate environment.
Identity and access management can also play a role in compliance issues. Using the native tools, all the audits involve the manual process of finding out: Who had access to what? Who authorized that access? When was it authorized? When was the last time they reset their password? Using an identity and access management application like the Active Directory Manager or the Active Directory Reporter will vastly improve and automate your audit process.
You may think a departed employee is gone forever, but if your organization doesn’t have a comprehensive identity and access management plan, you may be in trouble. Disabling user accounts during the employee termination process is where most companies have a gaping flaw. Weeks, months and even years after an employee has left, you can still see their names and personal information floating around. Compounding this security breach is the fact that in some cases, former employees’ accounts are still active. This access crisis can also happen when an employee changes jobs within the same company, but retains access to applications and information that are no longer appropriate for their new job. If an identity and access management policy is too lax, it can create data loss and security breaches, and if the policy is too strict, employees who need access will simply find a way around it and defy the set policy.
If you’d like to talk more about the identity and access management policies in place at your company, please contact us directly.
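The audit questions above (who still has access, is it appropriate for their current job, when was the password last reset) can be checked by cross-referencing a directory export against the HR roster. The following is an added example, not part of the original post or of any product it mentions; the CSV column names, the group-to-department mapping and all sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data: a directory export and an HR roster (hypothetical columns).
DIRECTORY_EXPORT = """account,enabled,department,groups,password_last_set
asmith,true,Finance,Finance-RW;VPN,2024-01-10
bjones,true,Sales,Sales-RW;VPN,2022-03-01
cwu,true,Engineering,Finance-RW;Eng-RW,2024-02-20
dlee,false,Sales,Sales-RW,2021-06-15
"""
HR_ROSTER = """account,status,department
asmith,active,Finance
bjones,terminated,Sales
cwu,active,Engineering
dlee,terminated,Sales
"""
# Hypothetical mapping of each group to the department entitled to it.
GROUP_OWNER = {"Finance-RW": "Finance", "Sales-RW": "Sales", "Eng-RW": "Engineering"}


def audit_accounts(directory_csv, roster_csv, today, max_password_age_days=365):
    """Return (account, issue) findings for enabled directory accounts."""
    roster = {r["account"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(directory_csv)):
        name = row["account"]
        if row["enabled"].lower() != "true":
            continue  # already disabled: not a live access path
        hr = roster.get(name)
        if hr is None or hr["status"] != "active":
            # Departed (or unknown) person whose account can still log on.
            findings.append((name, "enabled account without an active employee"))
            continue
        for group in filter(None, row["groups"].split(";")):
            owner = GROUP_OWNER.get(group)
            if owner and owner != hr["department"]:
                # Access kept from a previous role inside the company.
                findings.append((name, f"holds {group} but works in {hr['department']}"))
        age = (today - date.fromisoformat(row["password_last_set"])).days
        if age > max_password_age_days:
            findings.append((name, f"password unchanged for {age} days"))
    return findings


if __name__ == "__main__":
    for account, issue in audit_accounts(DIRECTORY_EXPORT, HR_ROSTER, date(2024, 6, 1)):
        print(f"{account}: {issue}")
```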

AD management: working smart, not hard

For most people, managing the enterprise Active Directory may seem like an easy task. Why invest in and use advanced tools to manage something that at first glance can manage itself? After all, a company doesn’t hire people and doesn’t add new resources every day. Changing account settings seems easy, and controlling your IT infrastructure by creating group policies only has to happen once in a while, right? Most IT administrators would recognize these statements as being insufficient for their business, yet because of all the complexities and required scripting, the same administrators have adopted a “live and let live” approach when dealing with the Active Directory.
When’s the last time you needed to search through its logs to determine who deleted what file? How long have you spent on restoring an AD object because someone accidentally deleted it? And even worse, how many hours or days have you spent figuring out just what report would satisfy your regulatory compliance and auditors? Most IT administrators agree that getting “centralized” and having granular permissions management in a Windows environment can be difficult, if not impossible. Windows provides limited tools and even more limited documentation for managing the directory service. It also does not support the multi-layered permissions administration needed to satisfy modern business needs.
Due to the inherent complexities, most administrators prefer to set the Group Permissions and add subsequent users to the group, giving them access to those resources. This simplistic approach is implemented because once they spend the time to set up the thousands of files, folders, AD objects and more, they can close the project and move on. In reality, keeping this updated takes a lot of time, and because of it, in most cases it gets overlooked. As a result, this approach leads to an inflexible strategy. Consider this scenario: looking at a department, you set the group and give all the permissions needed to ensure they can do their job. Later, when a new product or feature is launched, you will need to split that department into two different groups. Wouldn’t you want a solution that allows you to do that right away and saves you the many hours needed to complete this project if you use only the native tools?
Windows alone can’t satisfy all the modern business needs, and using third-party software is a must. Here at CionSystems we created solutions that extend the native functionality and give IT managers an easy way of dealing with the complexities inherent in Active Directory without the need for scripting. Our goal is to solve issues and scenarios such as the ones above and make Active Directory management a snap.
Furthermore, when considering all the business requirements (Reporting, Enforcement, Auditing and Analysis, just to name a few), the need for implementing a complete solution such as the Active Directory Manager is obvious. With it, tasks such as managing users with their passwords and personal information, consistency in provisioning centralized configurations, troubleshooting and finding root causes to problems, canceling accounts, ensuring compliance and more are made easy and straightforward. Starting with the easy-to-use and fully customizable Dashboard, administrators are able to delegate tasks through the IT organization. The Dashboard gives a central point where users can access and customize Reports, manage OUs, set Group Policies, manage users, perform quick Search and Replace functions and even manage settings for MS Exchange.
Analyzing the needs of each customer, we maximize their IT investment. We build decades of experience into every solution we design, giving our customers the tools needed to securely manage the health of their infrastructure with confidence.